CVSS: 7.5 | EPSS: 3% | CPEs: 2 | EXPL: 0

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
• http://apache2triad.net/forums/viewtopic.php?p=14670
• http://secunia.com/advisories/18390
• http://www.securityfocus.com/archive/1/421469/100/0/threaded
• http://www.securityfocus.com/bid/16174
• http://www.vupen.com/english/advisories/2006/0148
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24076
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors.
• http://pear.php.net/bugs/bug.php?id=3443
• http://pear.php.net/package/HTML_QuickForm_Controller/download
• http://www.osvdb.org/23766

CVSS: 5.1 | EPSS: 0% | CPEs: 21 | EXPL: 0

Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.
• http://pear.php.net/advisory-20051104.txt
• http://secunia.com/advisories/17563
• http://securitytracker.com/alerts/2005/Nov/1015161.html
• http://www.vupen.com/english/advisories/2005/2444
• https://exchange.xforce.ibmcloud.com/vulnerabilities/23021